
Sandboxie and disabling of anti-virus

Posted: Tue Sep 26, 2017 4:21 am
by Dreblue
So the other day I used Sandboxie to execute a suspicious program using a fairly new laptop. I was surprised to see that, seconds into the execution of this program, I got a notification stating that my anti-virus was disabled. I was wondering whether it is possible for a sandboxed program to do this, or whether Sandboxie creates a virtualized version of the anti-virus and it was in fact this virtualized copy that was 'disabled' rather than my outside one? I must add that the program did require UAC permission, which it was given. Does that have an impact on it too? I'm a bit concerned, however: if it was in fact a virus trying to infect me, would deleting the sandboxed contents mean removal of the virus, or did the virus in fact bypass Sandboxie security?

Re: Sandboxie and disabling of anti-virus

Posted: Tue Sep 26, 2017 11:39 am
by Barb@Invincea
Hello Dreblue,

Isolated applications inside Sandboxie cannot modify applications running on your host, unless you explicitly opened a path for them (for example, some templates allow communication between Sandboxed apps and the host, in order to make modifications).
Deleting the contents of your Sandbox ensures anything inside of it gets deleted.

If you could provide more information, as well as repro steps, I will test the scenario:
viewtopic.php?f=11&t=19746

Regards,
Barb.-